
YUM Multi-Repository setup

by elovkoff
(Transferred from the wiki by Peter)

Objective: Our company has 5 geographical sites, 3 of which have Linux servers. The Linux versions deployed are Red Hat 9 and Red Hat 7.3. We need to have a security infrastructure in place that will allow us to:

Download security updates from the internet to the single repository

Update all company Linux servers over the private network from that repository

Solution: Install YUM on Fedora Core 2 to serve as the dedicated central repository. Configure the rest of the Linux servers as the clients for that repository.
Requirements:
- Lots of space (base RPMS for RH7.3 and RH9 take up to 5G, update RPMS can take up to 1.5G). I have a 36G hard drive just in case; who knows, maybe some day we'll throw some other distros into our network.
- My setup runs on a P4 256RAM PC-class box; I'm sure though that a PIII will do the job as well.
- Wget should be installed in order for the download script to function.

Implementation: The following was configured in order for this to work in production environment:
Note: The configuration here explains how to set everything up to run as the root user. It is the easiest way but not the most secure. If you're interested in setting it up under regular user credentials, just follow the link provided for the yum_repository.sh script later; that kind of setup is a bit out of scope for this document. I've decided to use Fedora Core 2 as it comes with yum built in and most of the articles I've found on the Internet are fc2-related.

1. Make sure you install httpd (web server), as it will serve the updates: clients will request its URL in order to get the update.
   a. Create the directory structure for the updates you need:
      i. cd /var/www/html
      ii. mkdir -p yum/redhat/9 (under 9 create 2 directories, "base" and "updates")
      iii. The same structure needs to be created for 7.3: under yum/redhat create the 7.3 directory, under which "base" and "update" directories should be created.
   b. Copy the base RPMS. You can either download them off the Internet or simply copy them from the installation CDs; I copied them from the CDs.
      cp /mnt/cdrom/RedHat/RPMS/* /var/www/html/yum/redhat/9/base
      You should copy them to the "base" directory of every distro you want to have a repository for. After that you should create the headers for the base repository. Run the following command while located in the "base" directory:
      yum-arch .
      ("." here means "this directory" and not the end of the sentence :) Remember: this should be done for every repository you configure.

2. Copy the yum_repository.sh script to some directory on your server (I've placed it in /usr/bin). This script allows you to:
   a. Download security updates from the internet
   b. Download updates for specific Linux OS versions and place them in different repositories
   c. Perform GPG checks of the downloaded packages
   The yum_repository.sh script can be obtained from here (as well as another how-to for setting up YUM): http://www.fedoranews.org/alex/tutorial/yum/1.shtml
   Configure the script according to your needs.

3. There are a couple of things worth mentioning regarding this script:

I had problems performing the gpg checks for signed packages so I had to disable this feature: look for the following line in the script, YUM_ARGS="-c", and comment it out. The way to figure out if you have problems with gpg checks: start the script and then look in /tmp/yum_repository.log for the errors, or simply grep this file for "Problem with gpg". You can always enable gpg checks on the client side by specifying "gpgcheck=1" in the yum.conf file. Another indication that the script with this setting didn't run is that the first time you download updates it should create a "headers" directory; when there is a problem with gpg checks it will not create this directory.

In order for this script to run under root you should disable ID checks in the script - you should comment out some lines in the script: (see example)

When you configure mirror directories and update directories, make sure the numbering starts at [0]; if the first entry starts with [1] it will not work. Also, if the first one starts with the correct value [0] but the second has [2], then the download for [2] will not work. The numbering should be consecutive.

4. Basically this script does 2 things:
   a. Downloads what you tell it to download and places it according to your settings
   b. After the download has been executed, it runs yum-arch on the downloaded packages to create the rpm headers.
   After a correct script execution you should see pretty much the following in the yum_repository.log file:

That should get you going with this script.
If the script runs successfully, you can add a cron entry to schedule it. To execute it every 6 hours, specify the following in the cron file:

Code:

1 */6 * * * /usr/bin/yum_repository.sh

(or whatever the location of your script is)
BASICALLY, we are done with the server part; now we have to configure the clients to get the updates from the server.

CLIENT CONFIGURATION:

1. Install the yum rpm on the client servers/stations. Yum rpms for Red Hat versions 9 and 7.3 are available on the www.fedoralegacy.org site.
2. Configure yum.conf, located in /etc. You should point it to the YUM server you have just installed. Let's say the IP address of the YUM server you have just installed is 10.0.84.95. Then the yum.conf file should look like this:

3. After that you can start using the updates with the "yum update" command. If you want to schedule this command and answer "yes" automatically to the questions yum asks during the update, use the "yum -y update" command.
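Because the GPG check in yum_repository.sh was commented out on the server, "gpgcheck=1" on the client is the only signature verification left in this setup. The shell function below is an added example (not part of the original how-to or of yum) that audits a yum.conf for repositories with gpgcheck off or a baseurl outside the central server. The section names, the sample file, mirror.example.org and the yum 2.0.x semantics it relies on (gpgcheck defaults to 0, [main] sets the default, a repository section overrides it) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original how-to: audit a client yum.conf.
# Assumed yum 2.0.x semantics: gpgcheck defaults to 0, [main] sets the
# default for all repositories, a per-repository value overrides it.
# Usage: audit_yum_conf TRUSTED_URL_PREFIX < yum.conf   (one finding per line)
audit_yum_conf() {
    awk -v trusted="$1" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*\[/ {                             # section header, e.g. [base]
        sect = trim($0); sect = substr(sect, 2, index(sect, "]") - 2)
        if (sect != "main") order[++n] = sect
        next
    }
    {                                         # key=value inside a section
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "gpgcheck") gpg[sect] = val
        if (key == "baseurl")  url[sect] = val
    }
    END {                                     # evaluate once [main] is known
        dflt = ("main" in gpg) ? gpg["main"] : "0"
        for (i = 1; i <= n; i++) {
            s = order[i]; eff = (s in gpg) ? gpg[s] : dflt
            if (eff != "1") print s ": gpgcheck is off, packages install unverified"
            if (index(url[s], trusted) != 1) print s ": baseurl is not the central repository"
        }
    }'
}

# Constructed sample: no gpgcheck in [main], one repository off the private network.
SAMPLE_BAD='[main]
cachedir=/var/cache/yum
logfile=/var/log/yum.log

[base]
name=Red Hat Linux 9 base
baseurl=http://10.0.84.95/yum/redhat/9/base
gpgcheck=1

[updates]
name=Red Hat Linux 9 updates
baseurl=http://mirror.example.org/redhat/9/updates'

printf '%s\n' "$SAMPLE_BAD" | audit_yum_conf "http://10.0.84.95/yum/"
```

Run it against /etc/yum.conf on each client before scheduling "yum -y update"; a clean file produces no output.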

LOG ROTATION SETTINGS

You might want to rotate yum_repository.log as it can grow. In order to rotate it, place the following in /etc/logrotate.conf:

SOME COMMENTS REGARDING THE USAGE:
a) If you want to see which rpms have been updated during the update, check logfile=/var/log/yum.log. This file gets populated only if the update is successful; otherwise it will be blank (if this is the first time) or will have no entries for the failed update.
b) If you want to redownload the headers from the server, remove all subdirectories under /var/cache/yum and re-initiate the update. Actually the easiest way to do that is to run "yum clean".
c) If you want to apply updates automatically, schedule a cron job with the "yum -y update" command.
d) When a server/station gets updated for the first time and there are LOTS of updates to be applied, sometimes the update gets stuck on the glibc update. In this case just reboot the box and reinitiate the update.
e) Yum notifications regarding the success/failure of the update - could not find the info regarding that
SOME ERRORS ENCOUNTERED DURING THE YUM UPDATE:
1. "segmentation fault" errors during the client update: remove the subdirectories under /var/cache/yum and try again.
2. "identical dependency loop exceeded" during the client update: usually it complains about a specific package. Uninstall this package if you don't need it and run the update again, or uninstall/reinstall this rpm if you need it and then run the update.
3. Error: MD5 Signature check failed for /var/cache/yum/731server/packages/gnumeric-1.0.5-3.i386.rpm
   You may want to run yum clean or remove the file: /var/cache/yum/731server/packages/gnumeric-1.0.5-3.i386.rpm
   Exiting.
   In this particular case it has nothing to do with MD5; it is an indication that the /var partition ran out of space. Solution: in yum.conf point "cachedir=" to a directory on another partition that has more space. I've created /home/yum for that matter.
CREATING CUSTOMIZED YUM PACKAGES:
If you have lots of client machines and you don't want to edit yum.conf manually, you can try the following solution to hardcode the settings into the yum rpm for clients:
The example is for the Fedora yum package but you can do the same for other distros.
a) Get the source RPM (SRPM) from either your CD or the Fedora Download Server (or your friendly neighborhood mirror, of course). The package you want is yum-2.0.7-1.1.src.rpm. As root, install this package with the command rpm -i yum-2.0.7-1.1.src.rpm
b) RPM sources are kept in the /usr/src/redhat folder, with the source files in SOURCES and the spec files in SPECS. You need to edit both the default yum.conf file and the yum.spec file. First, edit /usr/src/redhat/SOURCES/yum.conf.fedora. Next, edit /usr/src/redhat/SPECS/yum.spec, changing the line:
Release: 1.1
to:
Release: 1.2
This change gives our customised RPM precedence over the stock one. Now you can build the RPM with the command:
rpmbuild -ba /usr/src/redhat/SPECS/yum.spec
The resultant RPM is stored in /usr/src/redhat/RPMS/noarch, and can be installed with the command:
rpm -U /usr/src/redhat/RPMS/noarch/yum-2.0.7-1.2.noarch.rpm